<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Has privileges API | ElasticSearch 7.7 权威指南中文版</title>
	<meta name="keywords" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <meta name="description" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
	<link rel="stylesheet" type="text/css" href="../static/styles.css" />
	<script>
	var _link = 'security-api-has-privileges.html';
    </script>
</head>
<body>
<div class="main-container">
    <section id="content">
        <div class="content-wrapper">
            <section id="guide" lang="zh_cn">
                <div class="container">
                    <div class="row">
                        <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                            <div style="color:gray; word-break: break-all; font-size:12px;">原英文版地址: <a href="https://www.elastic.co/guide/en/elasticsearch/reference/7.7/security-api-has-privileges.html" rel="nofollow" target="_blank">https://www.elastic.co/guide/en/elasticsearch/reference/7.7/security-api-has-privileges.html</a>, 原文档版权归 www.elastic.co 所有<br/>本地英文版地址: <a href="../en/security-api-has-privileges.html" rel="nofollow" target="_blank">../en/security-api-has-privileges.html</a></div>
                        <!-- start body -->
                  <div class="page_header">
<strong>重要</strong>: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" rel="nofollow">当前版本文档</a>。
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="rest-apis.html">REST APIs</a></span>
»
<span class="breadcrumb-link"><a href="security-api.html">Security APIs</a></span>
»
<span class="breadcrumb-node">Has privileges API</span>
</div>
<div class="navheader">
<span class="prev">
<a href="security-api-get-user.html">« Get users API</a>
</span>
<span class="next">
<a href="security-api-invalidate-api-key.html">Invalidate API key API »</a>
</span>
</div>
<div class="section xpack">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="security-api-has-privileges"></a>Has privileges API<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/has-privileges.asciidoc">edit</a><a class="xpack_tag" href="https://www.elastic.co/subscriptions"></a>
</h2>
</div></div></div>

<p><a id="security-api-has-privilege"></a>The <code class="literal">has_privileges</code> API allows you to determine whether the logged in user has
a specified list of privileges.</p>
<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-has-privileges-request"></a>Request<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/has-privileges.asciidoc">edit</a>
</h3>
</div></div></div>
<p><code class="literal">GET /_security/user/_has_privileges</code></p>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-has-privileges-prereqs"></a>Prerequisites<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/has-privileges.asciidoc">edit</a>
</h3>
</div></div></div>
<div class="ulist itemizedlist">
<ul class="itemizedlist">
<li class="listitem">
All users can use this API, but only to determine their own privileges.
To check the privileges of other users, you must use the run as feature. For
more information, see
<a class="xref" href="run-as-privilege.html" title="Submitting requests on behalf of other users">Submitting requests on behalf of other users</a>.
</li>
</ul>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-has-privileges-desc"></a>Description<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/has-privileges.asciidoc">edit</a>
</h3>
</div></div></div>
<p>For a list of the privileges that you can specify in this API,
see <a class="xref" href="security-privileges.html" title="Security privileges">Security privileges</a>.</p>
<p>A successful call returns a JSON structure that shows whether each specified
privilege is assigned to the user.</p>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-has-privileges-request-body"></a>Request body<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/has-privileges.asciidoc">edit</a>
</h3>
</div></div></div>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
<code class="literal">cluster</code>
</span>
</dt>
<dd>
(list) A list of the cluster privileges that you want to check.
</dd>
<dt>
<span class="term">
<code class="literal">index</code>
</span>
</dt>
<dd>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
<code class="literal">names</code>
</span>
</dt>
<dd>
(list) A list of indices.
</dd>
<dt>
<span class="term">
<code class="literal">allow_restricted_indices</code>
</span>
</dt>
<dd>
(boolean) This needs to be set to <code class="literal">true</code> (default
is <code class="literal">false</code>) if using wildcards or regexps for patterns that cover restricted
indices. Implicitly, restricted indices do not match index patterns because
restricted indices usually have limited privileges and including them in
pattern tests would render most such tests <code class="literal">false</code>. If restricted indices are
explicitly included in the <code class="literal">names</code> list, privileges will be checked against
them regardless of the value of <code class="literal">allow_restricted_indices</code>.
</dd>
<dt>
<span class="term">
<code class="literal">privileges</code>
</span>
</dt>
<dd>
(list) A list of the privileges that you want to check for the
specified indices.
</dd>
</dl>
</div>
</dd>
<dt>
<span class="term">
<code class="literal">application</code>
</span>
</dt>
<dd>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
<code class="literal">application</code>
</span>
</dt>
<dd>
(string) The name of the application.
</dd>
<dt>
<span class="term">
<code class="literal">privileges</code>
</span>
</dt>
<dd>
(list) A list of the privileges that you want to check for the
specified resources. May be either application privilege names, or the names of
actions that are granted by those privileges
</dd>
<dt>
<span class="term">
<code class="literal">resources</code>
</span>
</dt>
<dd>
(list) A list of resource names against which the privileges
should be checked
</dd>
</dl>
</div>
</dd>
</dl>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-has-privileges-example"></a>Examples<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/has-privileges.asciidoc">edit</a>
</h3>
</div></div></div>
<p>The following example checks whether the current user has a specific set of
cluster, index, and application privileges:</p>
<div class="pre_wrapper lang-console">
<pre class="programlisting prettyprint lang-console">GET /_security/user/_has_privileges
{
  "cluster": [ "monitor", "manage" ],
  "index" : [
    {
      "names": [ "suppliers", "products" ],
      "privileges": [ "read" ]
    },
    {
      "names": [ "inventory" ],
      "privileges" : [ "read", "write" ]
    }
  ],
  "application": [
    {
      "application": "inventory_manager",
      "privileges" : [ "read", "data:write/inventory" ],
      "resources" : [ "product/1852563" ]
    }
  ]
}</pre>
</div>
<div class="console_widget" data-snippet="snippets/2108.console"></div>
<p>The following example output indicates which privileges the "rdeniro" user has:</p>
<div class="pre_wrapper lang-console-result">
<pre class="programlisting prettyprint lang-console-result">{
  "username": "rdeniro",
  "has_all_requested" : false,
  "cluster" : {
    "monitor" : true,
    "manage" : false
  },
  "index" : {
    "suppliers" : {
      "read" : true
    },
    "products" : {
      "read" : true
    },
    "inventory" : {
      "read" : true,
      "write" : false
    }
  },
  "application" : {
    "inventory_manager" : {
      "product/1852563" : {
        "read": false,
        "data:write/inventory": false
      }
    }
  }
}</pre>
</div>
</div>

</div>
<div class="navfooter">
<span class="prev">
<a href="security-api-get-user.html">« Get users API</a>
</span>
<span class="next">
<a href="security-api-invalidate-api-key.html">Invalidate API key API »</a>
</span>
</div>
</div>

                  <!-- end body -->
                        </div>
                        <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                        
                        </div>
                    </div>
                </div>
            </section>
        </div>
    </section>
</div>
<script src="../static/cn.js"></script>
</body>
</html>